List of usage examples for org.apache.hadoop.security UserGroupInformation getCurrentUser
@InterfaceAudience.Public @InterfaceStability.Evolving public static UserGroupInformation getCurrentUser() throws IOException
From source file:gobblin.data.management.copy.recovery.RecoveryHelper.java
License:Apache License
/** * Get the persist directory for this job. * @param state {@link State} containing job information. * @return A {@link Path} used as persist directory for this job. Note this path is user-specific for security reasons. * @throws java.io.IOException//from w w w .j a va2 s.com */ public static Optional<Path> getPersistDir(State state) throws IOException { if (state.contains(PERSIST_DIR_KEY)) { return Optional.of(new Path(state.getProp(PERSIST_DIR_KEY), UserGroupInformation.getCurrentUser().getShortUserName())); } return Optional.absent(); }
From source file:gobblin.data.management.trash.AsyncTrash.java
License:Apache License
public AsyncTrash(FileSystem fs, Properties properties) throws IOException { this(fs, properties, UserGroupInformation.getCurrentUser().getShortUserName()); }
From source file:gobblin.data.management.trash.ProxiedTrash.java
License:Apache License
/** * Get {@link gobblin.data.management.trash.Trash} instance for the specified user. * @param user user for whom {@link gobblin.data.management.trash.Trash} should be generated. * @return {@link gobblin.data.management.trash.Trash} as generated by proxied user. * @throws IOException//from w ww. j a va 2s . c om */ protected Trash getUserTrash(final String user) throws IOException { if (UserGroupInformation.getCurrentUser().getShortUserName().equals(user)) { return this; } try { return this.trashCache.get(user, new Callable<Trash>() { @Override public Trash call() throws Exception { return createNewTrashForUser(ProxiedTrash.this.fs, ProxiedTrash.this.properties, user); } }); } catch (ExecutionException ee) { throw new IOException("Failed to get trash for user " + user); } }
From source file:gobblin.data.management.trash.Trash.java
License:Apache License
/** * @deprecated Use {@link gobblin.data.management.trash.TrashFactory}. *///from w w w .j a va 2 s. com @Deprecated public Trash(FileSystem fs, Properties props) throws IOException { this(fs, props, UserGroupInformation.getCurrentUser().getUserName()); }
From source file:gobblin.data.management.trash.TrashFactory.java
License:Apache License
public static Trash createTrash(FileSystem fs, Properties props) throws IOException { return createTrash(fs, props, UserGroupInformation.getCurrentUser().getShortUserName()); }
From source file:gobblin.data.management.trash.TrashFactory.java
License:Apache License
public static ProxiedTrash createProxiedTrash(FileSystem fs, Properties props) throws IOException { return createProxiedTrash(fs, props, UserGroupInformation.getCurrentUser().getShortUserName()); }
From source file:gobblin.data.management.trash.TrashTest.java
License:Apache License
@Test public void testUserReplacement() throws IOException { Properties properties = new Properties(); properties.setProperty(Trash.TRASH_LOCATION_KEY, "/trash/$USER/dir"); Path expectedTrashPath = new Path("/trash/" + UserGroupInformation.getCurrentUser().getUserName() + "/dir"); TrashTestBase trash = new TrashTestBase(properties); Assert.assertTrue(trash.trash.getTrashLocation().equals(expectedTrashPath)); }
From source file:gobblin.util.ProxiedFileSystemWrapper.java
License:Apache License
/** * Getter for proxiedFs, using the passed parameters to create an instance of a proxiedFs. * @param properties//from w w w .j a v a 2s . com * @param authType is either TOKEN or KEYTAB. * @param authPath is the KEYTAB location if the authType is KEYTAB; otherwise, it is the token file. * @param uri File system URI. * @throws IOException * @throws InterruptedException * @throws URISyntaxException * @return proxiedFs */ public FileSystem getProxiedFileSystem(State properties, AuthType authType, String authPath, String uri, final Configuration conf) throws IOException, InterruptedException, URISyntaxException { Preconditions.checkArgument( StringUtils.isNotBlank(properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME)), "State does not contain a proper proxy user name"); String proxyUserName = properties.getProp(ConfigurationKeys.FS_PROXY_AS_USER_NAME); UserGroupInformation proxyUser; switch (authType) { case KEYTAB: // If the authentication type is KEYTAB, log in a super user first before creating a proxy user. Preconditions.checkArgument( StringUtils .isNotBlank(properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS)), "State does not contain a proper proxy token file name"); String superUser = properties.getProp(ConfigurationKeys.SUPER_USER_NAME_TO_PROXY_AS_OTHERS); UserGroupInformation.loginUserFromKeytab(superUser, authPath); proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser()); break; case TOKEN: // If the authentication type is TOKEN, create a proxy user and then add the token to the user. proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser()); Optional<Token<?>> proxyToken = getTokenFromSeqFile(authPath, proxyUserName); if (proxyToken.isPresent()) { proxyUser.addToken(proxyToken.get()); } else { LOG.warn("No delegation token found for the current proxy user."); } break; default: LOG.warn( "Creating a proxy user without authentication, which could not perform File system operations."); proxyUser = UserGroupInformation.createProxyUser(proxyUserName, UserGroupInformation.getLoginUser()); break; } final URI fsURI = URI.create(uri); proxyUser.doAs(new PrivilegedExceptionAction<Void>() { @Override public Void run() throws IOException { LOG.debug("Now performing file system operations as :" + UserGroupInformation.getCurrentUser()); proxiedFs = FileSystem.get(fsURI, conf); return null; } }); return this.proxiedFs; }
From source file:gobblin.yarn.GobblinYarnAppLauncher.java
License:Apache License
private void setupSecurityTokens(ContainerLaunchContext containerLaunchContext) throws IOException { Credentials credentials = UserGroupInformation.getCurrentUser().getCredentials(); String tokenRenewer = this.yarnConfiguration.get(YarnConfiguration.RM_PRINCIPAL); if (tokenRenewer == null || tokenRenewer.length() == 0) { throw new IOException("Failed to get master Kerberos principal for the RM to use as renewer"); }/*from w ww . java 2 s . c o m*/ // For now, only getting tokens for the default file-system. Token<?> tokens[] = this.fs.addDelegationTokens(tokenRenewer, credentials); if (tokens != null) { for (Token<?> token : tokens) { LOGGER.info("Got delegation token for " + this.fs.getUri() + "; " + token); } } Closer closer = Closer.create(); try { DataOutputBuffer dataOutputBuffer = closer.register(new DataOutputBuffer()); credentials.writeTokenStorageToStream(dataOutputBuffer); ByteBuffer fsTokens = ByteBuffer.wrap(dataOutputBuffer.getData(), 0, dataOutputBuffer.getLength()); containerLaunchContext.setTokens(fsTokens); } catch (Throwable t) { throw closer.rethrow(t); } finally { closer.close(); } }
From source file:gobblin.yarn.YarnContainerSecurityManager.java
License:Apache License
@VisibleForTesting void addDelegationTokens(Collection<Token<? extends TokenIdentifier>> tokens) throws IOException { for (Token<? extends TokenIdentifier> token : tokens) { if (!UserGroupInformation.getCurrentUser().addToken(token)) { LOGGER.error(String.format("Failed to add token %s to user %s", token.toString(), UserGroupInformation.getLoginUser().getShortUserName())); }//w w w. j ava2 s. c om } }